Guidelines proposed for securing geospatial data

An interagency committee has developed a set of guidelines for reviewing geospatial data, deciding if it should be made available to the public and defining what security approach to take.

Geospatial data provides specific location information referenced to a system of geographic coordinates. Government, academic and commercial organizations produce large amounts of this data and store it in digital formats widely accessed and used by a variety of IT applications.

'The vast majority of [this data is] appropriate for public dissemination,' the Federal Geographic Data Committee said in the guidelines released for review this week. 'However, a small portion ' could pose risks to security,' and there are no standards for restricting access.

The guidelines, which are not binding, address procedures for identifying sensitive information and reviewing decisions on access restrictions.

The 19-member FGDC, which has representatives from the Executive Office of the President and from Cabinet agencies, is developing the National Spatial Data Infrastructure. The Geological Survey is the committee's host. The committee's Homeland Security Working Group developed the guidelines.

The guidelines lay out 14 steps for organizations that originate geospatial data to use in determining if restrictions are needed. The steps are based on three factors:

Can the data be used for selecting targets or for planning or executing attacks?

Is the data available elsewhere?

Do the benefits of making the data available outweigh the risks?

If significant risk is found, an organization should decide whether to remove the data or restrict access to it.